src/Platform/SecurityBundle/Controller/Dashboard/AccountsController.php line 237

Open in your IDE?
  1. <?php
  3. namespace Platform\SecurityBundle\Controller\Dashboard;
  5. use App\Controller\Dashboard\Settings\AccountController;
  6. use Cms\BulletinBundle\Model\Bulletins\AccountCreationBulletin;
  7. use Cms\BulletinBundle\Model\Bulletins\PasswordResetBulletin;
  8. use Cms\BulletinBundle\Service\BulletinService;
  9. use Cms\ContainerBundle\Doctrine\ContainerRepository;
  10. use Cms\ContainerBundle\Doctrine\Containers\GenericContainerRepository;
  11. use Cms\ContainerBundle\Doctrine\Containers\IntranetContainerRepository;
  12. use Cms\ContainerBundle\Entity\Container;
  13. use Cms\ContainerBundle\Entity\Containers\GenericContainer;
  14. use Cms\ContainerBundle\Entity\Containers\IntranetContainer;
  15. use Cms\CoreBundle\Model\Scenes\DashboardScenes\AjaxScene;
  16. use Cms\CoreBundle\Model\Scenes\DashboardScenes\DocumentScene;
  17. use Cms\CoreBundle\Service\ContextManager;
  18. use Cms\CoreBundle\Util\Controller;
  19. use Cms\CoreBundle\Util\DateTimeUtils;
  20. use Cms\CoreBundle\Util\Doctrine\EntityRepository;
  21. use Cms\FileBundle\Service\FileManager;
  22. use Cms\TenantBundle\Model\ProductsBitwise;
  23. use Platform\SecurityBundle\Doctrine\Access\GroupAccountRepository;
  24. use Platform\SecurityBundle\Doctrine\Access\RoleAssociation\AccountRoleAssociationRepository;
  25. use Platform\SecurityBundle\Doctrine\Access\RoleRepository;
  26. use Platform\SecurityBundle\Doctrine\Identity\AccountRepository;
  27. use Platform\SecurityBundle\Doctrine\Identity\GroupRepository;
  28. use Platform\SecurityBundle\Entity\Access\GroupAccount;
  29. use Platform\SecurityBundle\Entity\Access\Role;
  30. use Platform\SecurityBundle\Entity\Access\RoleAssociation;
  31. use Platform\SecurityBundle\Entity\Access\RoleAssociation\AccountRoleAssociation;
  32. use Platform\SecurityBundle\Entity\Identity\Account;
  33. use Platform\SecurityBundle\Entity\Identity\Group;
  34. use Platform\SecurityBundle\Form\Type\Access\PermissionsAuditType;
  35. use Platform\SecurityBundle\Form\Type\Identity\AccountLocaleType;
  36. use Platform\SecurityBundle\Form\Type\Identity\AccountType;
  37. use Platform\SecurityBundle\Form\Type\Profiles\GroupsType;
  38. use Platform\SecurityBundle\Form\Type\Profiles\RolesType;
  39. use Platform\SecurityBundle\Form\Type\Profiles\SpecialPermissionsType;
  40. use Platform\SecurityBundle\Model\Permission;
  41. use Platform\SecurityBundle\Model\Permissions;
  42. use Platform\SecurityBundle\Service\PasswordService;
  43. use Platform\SecurityBundle\Service\Reporters\AccountReporter;
  44. use Platform\SecurityBundle\Service\Search\AccountSearcher;
  45. use Platform\SecurityBundle\Service\Sentry;
  46. use Symfony\Component\Routing\Annotation\Route;
  47. use Symfony\Component\HttpFoundation\RedirectResponse;
  48. use Symfony\Component\HttpFoundation\Request;
  49. use Symfony\Component\HttpFoundation\Response;
  50. use Symfony\Component\HttpFoundation\ResponseHeaderBag;
  51. use Symfony\Component\HttpKernel\Exception\NotFoundHttpException;
  52. use Symfony\Component\Security\Core\Exception\AccessDeniedException;
  55. /**
  56.  * Class AccountsController
  57.  * @package Platform\SecurityBundle\Controller\Dashboard
  58.  */
  59. final class AccountsController extends Controller
  60. {
  61.     const ROUTES__LIST 'campussuite.platform.security.dashboard.accounts.list';
  62.     const ROUTES__LIST_LAZY 'campussuite.platform.security.dashboard.accounts.list_lazy';
  63.     const ROUTES__CREATE 'campussuite.platform.security.dashboard.accounts.create';
  64.     const ROUTES__VIEW 'campussuite.platform.security.dashboard.accounts.view';
  65.     const ROUTES__EDIT 'campussuite.platform.security.dashboard.accounts.edit';
  66.     const ROUTES__EDIT_LOCALE 'campussuite.platform.security.dashboard.accounts.edit_locale';
  67.     const ROUTES__REACTIVATE 'campussuite.platform.security.dashboard.accounts.reactivate';
  68.     const ROUTES__DEACTIVATE 'campussuite.platform.security.dashboard.accounts.deactivate';
  69.     const ROUTES__ASSIGN_ROLES 'campussuite.platform.security.dashboard.accounts.assign_roles';
  70.     const ROUTES__REMOVE_ROLES 'campussuite.platform.security.dashboard.accounts.remove_roles';
  71.     const ROUTES__ASSIGN_GROUPS 'campussuite.platform.security.dashboard.accounts.assign_groups';
  72.     const ROUTES__REMOVE_GROUPS 'campussuite.platform.security.dashboard.accounts.remove_groups';
  73.     const ROUTES__MANAGE_PASSWORD 'campussuite.platform.security.dashboard.accounts.manage_password';
  74.     const ROUTES__RESET_PASSWORD 'campussuite.platform.security.dashboard.accounts.reset_password';
  75.     const ROUTES__CLEAR_PASSWORD 'campussuite.platform.security.dashboard.accounts.clear_password';
  76.     const ROUTES__CREDENTIALS 'campussuite.platform.security.dashboard.accounts.credentials';
  77.     const ROUTES__SPECIAL_PERMISSIONS 'campussuite.platform.security.dashboard.accounts.special_permissions';
  78.     const ROUTES__AUDIT 'campussuite.platform.security.dashboard.accounts.audit';
  79.     const ROUTES__EXPORT_XLSX 'campussuite.platform.security.dashboard.accounts.export_xlsx';
  81.     const DEFAULT_COUNT 200;
  83.     /**
  84.      * @return AccountRepository|EntityRepository
  85.      */
  86.     private function getAccountRepository()
  87.     {
  88.         return $this->getRepository(Account::class);
  89.     }
  91.     /**
  92.      * @return RoleRepository|EntityRepository
  93.      */
  94.     private function getRoleRepository()
  95.     {
  96.         return $this->getRepository(Role\CmsRole::class);
  97.     }
  99.     /**
  100.      * @return AccountRoleAssociationRepository|EntityRepository
  101.      */
  102.     private function getAccountRoleAssociationRepository()
  103.     {
  104.         return $this->getRepository(AccountRoleAssociation::class);
  105.     }
  107.     /**
  108.      * @return GroupRepository|EntityRepository
  109.      */
  110.     private function getGroupRepository()
  111.     {
  112.         return $this->getRepository(Group::class);
  113.     }
  115.     /**
  116.      * @return GroupAccountRepository|EntityRepository
  117.      */
  118.     private function getGroupAccountRepository()
  119.     {
  120.         return $this->getRepository(GroupAccount::class);
  121.     }
  123.     /**
  124.      * @return ContainerRepository|EntityRepository
  125.      */
  126.     private function getContainerRepository()
  127.     {
  128.         return $this->getRepository(Container::class);
  129.     }
  131.     /**
  132.      * @return GenericContainerRepository|EntityRepository
  133.      */
  134.     private function getGenericContainerRepository()
  135.     {
  136.         return $this->getRepository(GenericContainer::class);
  137.     }
  139.     /**
  140.      * @return IntranetContainerRepository|EntityRepository
  141.      */
  142.     private function getIntranetContainerRepository()
  143.     {
  144.         return $this->getRepository(IntranetContainer::class);
  145.     }
  147.     /**
  148.      * @return BulletinService|object
  149.      */
  150.     private function getBulletinService(): BulletinService
  151.     {
  152.         return $this->get(__METHOD__);
  153.     }
  155.     /**
  156.      * @return Sentry|object
  157.      */
  158.     private function getSentry(): Sentry
  159.     {
  160.         return $this->get(__METHOD__);
  161.     }
  163.     /**
  164.      * @return FileManager|object
  165.      */
  166.     private function getFileManager(): FileManager
  167.     {
  168.         return $this->get(__METHOD__);
  169.     }
  171.     /**
  172.      * @return AccountReporter|object
  173.      */
  174.     private function getAccountReporter(): AccountReporter
  175.     {
  176.         return $this->get(__METHOD__);
  177.     }
  179.     /**
  180.      * @return AccountSearcher|object
  181.      */
  182.     private function getAccountSearcher(): AccountSearcher
  183.     {
  184.         return $this->get(__METHOD__);
  185.     }
  187.     /**
  188.      * @return PasswordService|object
  189.      */
  190.     private function getPasswordService(): PasswordService
  191.     {
  192.         return $this->get(__METHOD__);
  193.     }
  195.     /**
  196.      * @param Account $account
  197.      * @param string|null $password
  198.      * @return array|bool
  199.      */
  200.     private function sendCreateEmail(Account $account, ?string $password null)
  201.     {
  202.         return $this->getBulletinService()->send(
  203.             (new AccountCreationBulletin())
  204.                 ->setTo($account)
  205.                 ->setAccount($account)
  206.                 ->setPassword($password)
  207.                 ->setDashboard($this->getGlobalContext()->getDashboardUrl())
  208.         );
  209.     }
  211.     /**
  212.      * @param Account $account
  213.      * @param string $password
  214.      * @return array|bool
  215.      */
  216.     private function sendResetPasswordEmail(Account $accountstring $password)
  217.     {
  218.         return $this->getBulletinService()->send(
  219.             (new PasswordResetBulletin())
  220.                 ->setTo($account)
  221.                 ->setAccount($account)
  222.                 ->setPassword($password)
  223.                 ->setDashboard($this->getGlobalContext()->getDashboardUrl())
  224.         );
  225.     }
  227.     /**
  228.      * @param Request $request
  229.      * @return DocumentScene|AjaxScene|RedirectResponse
  230.      *
  231.      * @Route("/", name = AccountsController::ROUTES__LIST)
  232.      * @Route(
  233.      *     "/lazyload",
  234.      *     name = AccountsController::ROUTES__LIST_LAZY
  235.      * )
  236.      */
  237.     public function listAction(Request $request)
  238.     {
  239.         // AUDIT
  240.         $this->denyAccessUnlessGranted('campussuite.platform.security.accounts.manage');
  242.         if ($request->get('_route') == self::ROUTES__LIST_LAZY && ! $request->isXmlHttpRequest()) {
  243.             throw new NotFoundHttpException();
  244.         }
  246.         // if we are in sn migrated mode, jump to the newer areas
  247.         if ($this->getContextManager()->getGlobalContext()->getTenant()->getProducts()->hasFlag(ProductsBitwise::SCHOOLNOW__MIGRATED)) {
  248.             return $this->redirectToRoute(AccountController::ROUTES__MAIN);
  249.         }
  251.         $search $this->getAccountSearcher()->handleRequest($request);
  252.         if ($search instanceof RedirectResponse) {
  253.             return $search;
  254.         }
  255.         $accounts $this->getAccountRepository()->search($search);
  257.         if ($request->isXmlHttpRequest()) {
  258.             return $this->viewAjax(
  259.                 '@PlatformSecurity/Dashboard/Accounts/listLazy.html.twig',
  260.                 array(
  261.                     'accounts' => $accounts,
  262.                     'search' => $search,
  263.                 )
  264.             );
  265.         }
  267.         return $this->view(
  268.             array(
  269.                 'accounts' => $accounts,
  270.                 'search' => $search,
  271.             )
  272.         );
  273.     }
  275.     /**
  276.      * @param Request $request
  277.      * @return DocumentScene|RedirectResponse
  278.      *
  279.      * @Route("/create", name = AccountsController::ROUTES__CREATE)
  280.      */
  281.     public function createAction(Request $request)
  282.     {
  283.         // AUDIT
  284.         $this->denyAccessUnlessGranted('campussuite.platform.security.accounts.manage');
  286.         // create new object
  287.         $account = new Account();
  289.         // create form for creation
  290.         $form $this->createForm(
  291.             AccountType::class,
  292.             $account,
  293.             array(
  294.                 'password' => false,
  295.                 'notify' => ($this->getGlobalContext()->getTenant()->getProducts()->getMask() !== ProductsBitwise::SMM__BASE),
  296.             )
  297.         );
  299.         // check for submission
  300.         if ($this->handleForm($form$request)) {
  301.             // merge form data to object
  302.             /** @var Account $account */
  303.             $account $form->getData();
  305.             try {
  307.                 // attempt to get a password and set it if given
  308.                 $password $form->get('password')->getData();
  309.                 if ( ! empty($password)) {
  310.                     $account->setPasswordRaw($password);
  311.                 }
  313.                 // save to db
  314.                 $this->getEntityManager()->save($account);
  316.                 if ($form->get('notify')->getData() === true) {
  317.                     $this->sendCreateEmail($account$password);
  318.                 }
  320.                 // record log
  321.                 $this->getActivityLogger()->createLog($account);
  323.                 $this->getSession()->getFlashBag()->add('success''Account was successfully saved.');
  324.                 // go to view page
  325.                 return $this->redirectToRoute(
  326.                     self::ROUTES__VIEW,
  327.                     array(
  328.                         'accountId' => $account->getId(),
  329.                     )
  330.                 );
  331.             } catch (\Exception $e) {
  332.                 $this->getSession()->getFlashBag()->add('danger'$e->getMessage());
  333.             }
  334.         }
  336.         return $this->view(
  337.             array(
  338.                 'form' => $form->createView(),
  339.             )
  340.         );
  341.     }
  343.     /**
  344.      * @param $accountId
  345.      * @return DocumentScene
  346.      * @throws \Exception
  347.      *
  348.      * @Route(
  349.      *  "/{accountId}",
  350.      *  name = AccountsController::ROUTES__VIEW,
  351.      *  requirements = {
  352.      *      "accountId" = "[1-9]\d*"
  353.      *  }
  354.      * )
  355.      */
  356.     public function viewAction($accountId)
  357.     {
  358.         // obtain the account
  359.         $account $this->getAccountRepository()->findExact($accountId);
  361.         // AUDIT
  362.         $this->denyAccessUnlessGranted(
  363.             'campussuite.platform.security.accounts.manage',
  364.             array($accountnull)
  365.         );
  367.         return $this->view(
  368.             array(
  369.                 'account' => $account,
  370.             )
  371.         );
  372.     }
  374.     /**
  375.      * @param $accountId
  376.      * @return DocumentScene|RedirectResponse
  377.      * @throws \Exception
  378.      *
  379.      * @Route(
  380.      *  "/{accountId}/edit",
  381.      *  name = AccountsController::ROUTES__EDIT,
  382.      *  requirements = {
  383.      *      "accountId" = "[1-9]\d*"
  384.      *  }
  385.      * )
  386.      */
  387.     public function editAction($accountId)
  388.     {
  389.         // load the account
  390.         $account $this->getAccountRepository()->findExact($accountId);
  392.         // AUDIT
  393.         $this->denyAccessUnlessGranted(
  394.             'campussuite.platform.security.accounts.manage',
  395.             array($accountnull)
  396.         );
  398.         // check for oneroster
  399.         if ($account->isOneRoster()) {
  400.             throw new \Exception();
  401.         }
  403.         // form for edit
  404.         $form $this->createForm(AccountType::class, $account, array(
  405.             'password' => false,
  406.         ));
  408.         // check for submission
  409.         if ($this->handleForm($form)) {
  410.             // merge the form data
  411.             /** @var Account $account */
  412.             $account $form->getData();
  414.             try {
  416.                 // save to db
  417.                 $this->getEntityManager()->save($account);
  419.                 // it is, make the new credential
  420.                 $password $form->get('password')->getData();
  421.                 if ( ! empty($password)) {
  422.                     $this->getEntityManager()->save($account->setPasswordRaw($password));
  423.                     if ($form->get('notify')->getData() === true) {
  424.                         $this->sendResetPasswordEmail($account$password);
  425.                     }
  426.                 }
  428.                 // record log
  429.                 $this->getActivityLogger()->createLog($account);
  431.                 // go to viewing this one
  432.                 return $this->redirectToRoute(
  433.                     self::ROUTES__VIEW,
  434.                     array(
  435.                         'accountId' => $accountId,
  436.                     )
  437.                 );
  439.             } catch (\Exception $e) {
  440.                 $this->getSession()->getFlashBag()->add('danger'$e->getMessage());
  441.             }
  442.         }
  444.         return $this->view(
  445.             array(
  446.                 'account' => $account,
  447.                 'form' => $form->createView(),
  448.             )
  449.         );
  450.     }
  452.     /**
  453.      * @param Request $request
  454.      * @param $accountId
  455.      * @return DocumentScene|RedirectResponse
  456.      * @throws \Exception
  457.      *
  458.      * @Route(
  459.      *  "/{accountId}/edit-locale",
  460.      *  name = AccountsController::ROUTES__EDIT_LOCALE,
  461.      *  requirements = {
  462.      *      "accountId" = "[1-9]\d*"
  463.      *  }
  464.      * )
  465.      */
  466.     public function editLocaleAction(Request $request$accountId)
  467.     {
  468.         // load the account
  469.         $account $this->getAccountRepository()->findExact($accountId);
  471.         // AUDIT
  472.         $this->denyAccessUnlessGranted(
  473.             'campussuite.platform.security.accounts.manage',
  474.             array($accountnull)
  475.         );
  477.         // form for edit
  478.         $form $this->createForm(
  479.             AccountLocaleType::class,
  480.             $account
  481.         );
  483.         // check for submission
  484.         if ($request->isMethod('POST')) {
  485.             // merge the form data
  486.             /** @var Account $account */
  487.             $account $form->handleRequest($request)->getData();
  489.             try {
  490.                 // save to db
  491.                 $this->getEntityManager()->save($account);
  493.                 // record log
  494.                 $this->getActivityLogger()->createLog($account);
  496.                 // go to viewing this one
  497.                 return $this->redirectToRoute(
  498.                     self::ROUTES__VIEW,
  499.                     array(
  500.                         'accountId' => $accountId,
  501.                     )
  502.                 );
  503.             } catch (\Exception $e) {
  504.                 $this->getSession()->getFlashBag()->add('danger'$e->getMessage());
  505.             }
  506.         }
  508.         return $this->view(
  509.             array(
  510.                 'account' => $account,
  511.                 'form' => $form->createView(),
  512.             )
  513.         );
  514.     }
  516.     /**
  517.      * @param Request $request
  518.      * @param $accountId
  519.      * @return DocumentScene|RedirectResponse
  520.      * @throws \Exception
  521.      *
  522.      * @Route(
  523.      *  "/{accountId}/reactivate",
  524.      *  name = AccountsController::ROUTES__REACTIVATE,
  525.      *  requirements = {
  526.      *      "accountId" = "[1-9]\d*"
  527.      *  }
  528.      * )
  529.      */
  530.     public function reactivateAction(Request $request$accountId)
  531.     {
  532.         // obtain the account
  533.         $account $this->getAccountRepository()->findExact($accountId);
  535.         // AUDIT
  536.         $this->denyAccessUnlessGranted(
  537.             'campussuite.platform.security.accounts.manage',
  538.             array($accountnull)
  539.         );
  541.         // if the account is already active, we want to get away from here
  542.         if ($account->isActive()) {
  543.             return $this->redirectToRoute(self::ROUTES__LIST);
  544.         }
  546.         // check for submission
  547.         if ($request->isMethod('POST')) {
  548.             // force active state
  549.             $account->setActive(true);
  551.             // save to db
  552.             $this->getEntityManager()->save($account);
  554.             // log the change
  555.             $this->getActivityLogger()->createLog($account$accountId);
  557.             // go back
  558.             return $this->redirectToRoute(self::ROUTES__LIST);
  559.         }
  561.         return $this->view(
  562.             array(
  563.                 'account' => $account,
  564.             )
  565.         );
  566.     }
  568.     /**
  569.      * @param Request $request
  570.      * @param $accountId
  571.      * @return DocumentScene|RedirectResponse
  572.      * @throws \Exception
  573.      *
  574.      * @Route(
  575.      *  "/{accountId}/deactivate",
  576.      *  name = AccountsController::ROUTES__DEACTIVATE,
  577.      *  requirements = {
  578.      *      "accountId" = "[1-9]\d*"
  579.      *  }
  580.      * )
  581.      */
  582.     public function deactivateAction(Request $request$accountId)
  583.     {
  584.         // obtain the account
  585.         $account $this->getAccountRepository()->findExact($accountId);
  587.         // AUDIT
  588.         $this->denyAccessUnlessGranted(
  589.             'campussuite.platform.security.accounts.manage',
  590.             array($accountnull)
  591.         );
  593.         // if we are not active, we just want to get away from here as nothing to do
  594.         if ($account->isActive() === false) {
  595.             return $this->redirectToRoute(self::ROUTES__LIST);
  596.         }
  598.         // check for submission
  599.         if ($request->isMethod('POST')) {
  600.             // unset the active state
  601.             $account->setActive(false);
  603.             // save
  604.             $this->getEntityManager()->save($account);
  606.             // log the action
  607.             $this->getActivityLogger()->createLog($account$accountId);
  609.             // go back
  610.             return $this->redirectToRoute(self::ROUTES__LIST);
  611.         }
  613.         return $this->view(
  614.             array(
  615.                 'account' => $account,
  616.             )
  617.         );
  618.     }
  620.     /**
  621.      * @param $accountId
  622.      * @return DocumentScene|RedirectResponse
  623.      * @throws \Exception
  624.      *
  625.      * @Route(
  626.      *  "/{accountId}/manage-password",
  627.      *  name = AccountsController::ROUTES__MANAGE_PASSWORD,
  628.      *  requirements = {
  629.      *      "accountId" = "[1-9]\d*"
  630.      *  }
  631.      * )
  632.      */
  633.     public function managePasswordAction($accountId)
  634.     {
  635.         // load up the account
  636.         $account $this->getAccountRepository()->findExact($accountId);
  638.         // AUDIT
  639.         $this->denyAccessUnlessGranted(
  640.             'campussuite.platform.security.accounts.manage',
  641.             array($accountnull)
  642.         );
  644.         // if no password, disallow
  645.         if ( ! $account->canManagePassword()) {
  646.             throw new \Exception();
  647.         }
  649.         return $this->view(
  650.             array(
  651.                 'account' => $account,
  652.             )
  653.         );
  654.     }
  656.     /**
  657.      * @param Request $request
  658.      * @param $accountId
  659.      * @return DocumentScene|RedirectResponse
  660.      * @throws \Exception
  661.      *
  662.      * @Route(
  663.      *  "/{accountId}/reset-password",
  664.      *  name = AccountsController::ROUTES__RESET_PASSWORD,
  665.      *  requirements = {
  666.      *      "accountId" = "[1-9]\d*"
  667.      *  }
  668.      * )
  669.      */
  670.     public function resetPasswordAction(Request $request$accountId)
  671.     {
  672.         // load up the account
  673.         $account $this->getAccountRepository()->findExact($accountId);
  675.         // AUDIT
  676.         $this->denyAccessUnlessGranted(
  677.             'campussuite.platform.security.accounts.manage',
  678.             array($accountnull)
  679.         );
  681.         // if no password, disallow
  682.         if ( ! $account->canManagePassword()) {
  683.             throw new \Exception();
  684.         }
  686.         // handle the submission
  687.         if ($request->isMethod('POST')) {
  688.             // setup and send reset email
  689.             $this->getPasswordService()->sendResetPasswordInitEmail(
  690.                 $request,
  691.                 $account
  692.             );
  694.             // log this
  695.             $this->getActivityLogger()->createLog($account$accountId);
  697.             // go back to where we came
  698.             return $this->redirectToRoute(self::ROUTES__LIST);
  699.         }
  701.         throw new \Exception();
  702.     }
  704.     /**
  705.      * @param Request $request
  706.      * @param $accountId
  707.      * @return DocumentScene|RedirectResponse
  708.      * @throws \Exception
  709.      *
  710.      * @Route(
  711.      *  "/{accountId}/clear-password",
  712.      *  name = AccountsController::ROUTES__CLEAR_PASSWORD,
  713.      *  requirements = {
  714.      *      "accountId" = "[1-9]\d*"
  715.      *  }
  716.      * )
  717.      */
  718.     public function clearPasswordAction(Request $request$accountId)
  719.     {
  720.         // load up the account
  721.         $account $this->getAccountRepository()->findExact($accountId);
  723.         // AUDIT
  724.         $this->denyAccessUnlessGranted(
  725.             'campussuite.platform.security.accounts.manage',
  726.             array($accountnull)
  727.         );
  729.         // if no password, disallow
  730.         if ( ! $account->canManagePassword()) {
  731.             throw new \Exception();
  732.         }
  734.         // handle the submission
  735.         if ($request->isMethod('POST')) {
  736.             // wipe the password
  737.             $this->getEntityManager()->save(
  738.                 $account->setPassword(null)
  739.             );
  741.             // log this
  742.             $this->getActivityLogger()->createLog($account$accountId);
  744.             // go back to where we came
  745.             return $this->redirectToRoute(self::ROUTES__LIST);
  746.         }
  748.         throw new \Exception();
  749.     }
  751.     /**
  752.      * @param Request $request
  753.      * @param int $accountId
  754.      * @return DocumentScene|RedirectResponse
  755.      * @throws \Exception
  756.      *
  757.      * @Route(
  758.      *  "/{accountId}/assign-roles",
  759.      *  name = AccountsController::ROUTES__ASSIGN_ROLES,
  760.      *  requirements = {
  761.      *      "accountId" = "[1-9]\d*"
  762.      *  }
  763.      * )
  764.      */
  765.     public function assignRolesAction(Request $request$accountId)
  766.     {
  767.         // get the account
  768.         $account $this->getAccountRepository()->findExact($accountId);
  770.         // AUDIT
  771.         $this->denyAccessUnlessGranted(
  772.             'campussuite.platform.security.accounts.manage',
  773.             array($accountnull)
  774.         );
  776.         // grab all of the groups in the system
  777.         $roles $this->getRoleRepository()->findBy(array(), array(
  778.             'name' => 'ASC',
  779.         ));
  781.         // grab all of the current associations
  782.         $associations $this->getAccountRoleAssociationRepository()->findByAccount($account);
  784.         $form $this->createForm(RolesType::class, [], array(
  785.             'roles' => $roles,
  786.             'containers' => array_merge(
  787.                 $this->getGenericContainerRepository()->findAllHierarchy(),
  788.                 $this->getIntranetContainerRepository()->findAllHierarchy()
  789.             ),
  790.         ));
  792.         $form->handleRequest($request);
  793.         // check for submission
  794.         if ($request->isMethod('POST') && $data $form->getData()) {
  795.             $data['container'] = (isset($data['container']) && ! empty($data['container'])) ? $data['container'] : null;
  796.             $data['inheritance'] =
  797.                 (isset($data['inheritance']) && ! empty($data['inheritance']))
  798.                     ? $data['inheritance']
  799.                     : null;
  801.             if (empty($data['role'])) {
  802.                 $this->getSession()->getFlashBag()->add('danger''Please, choose role for account.');
  803.             } else {
  804.                 if (empty(
  805.                     $this->getAccountRoleAssociationRepository()
  806.                         ->findBy(
  807.                             array('account' => $account'role' => $data['role'], 'container' => $data['container'])
  808.                         )
  809.                 )) {
  810.                     $association = (new AccountRoleAssociation())
  811.                         ->setAccount($account)
  812.                         ->setRole($data['role']);
  813.                     if ($data['container']) {
  814.                         $association
  815.                             ->setContainer($data['container'])
  816.                             ->setInheritance($data['inheritance']);
  817.                     } else {
  818.                         $association
  819.                             ->setContainer(null)
  820.                             ->setInheritance(RoleAssociation::INHERITANCES__ME_ONLY);
  821.                     }
  822.                     $this->getEntityManager()->save($association);
  824.                     // record log
  825.                     $this->getActivityLogger()->createLog($association);
  827.                     $this->getSession()->getFlashBag()->add('success''Role has been added.');
  829.                     // go back to listing
  830.                     return $this->redirectToRoute(self::ROUTES__ASSIGN_ROLES, array('accountId' => $accountId));
  831.                 } else {
  832.                     $this->getSession()->getFlashBag()->add('danger''Role with this parameters already exist.');
  833.                 }
  834.             }
  835.         }
  837.         return $this->view(
  838.             array(
  839.                 'form' => $form->createView(),
  840.                 'account' => $account,
  841.                 'roles' => $roles,
  842.                 'associations' => $associations,
  843.             )
  844.         );
  845.     }
  847.     /**
  848.      * @param Request $request
  849.      * @param int $accountId
  850.      * @param int $associationId
  851.      * @return DocumentScene|RedirectResponse
  852.      * @throws \Exception
  853.      *
  854.      * @Route(
  855.      *  "/{accountId}/remove-roles/{associationId}",
  856.      *  name = AccountsController::ROUTES__REMOVE_ROLES,
  857.      *  requirements = {
  858.      *      "accountId" = "[1-9]\d*",
  859.      *      "associationId" = "[1-9]\d*"
  860.      *  }
  861.      * )
  862.      */
  863.     public function removeRolesAction(Request $request$accountId$associationId)
  864.     {
  865.         // get the account
  866.         $account $this->getAccountRepository()->findExact($accountId);
  868.         // AUDIT
  869.         $this->denyAccessUnlessGranted(
  870.             'campussuite.platform.security.accounts.manage',
  871.             array($accountnull)
  872.         );
  874.         // get association
  875.         $roleAssociation $this->getAccountRoleAssociationRepository()->findExact($associationId);
  877.         // check for submission
  878.         if ($request->isMethod('POST')) {
  879.             // do the deletion
  880.             $this->getEntityManager()->delete($roleAssociation);
  882.             // record log
  883.             $this->getActivityLogger()->createLog($roleAssociation$associationId);
  885.             $this->getSession()->getFlashBag()->add('danger''Role has been removed.');
  887.             // go back to list
  888.             return $this->redirectToRoute(self::ROUTES__ASSIGN_ROLES, array('accountId' => $accountId));
  889.         }
  891.         return $this->view(
  892.             array(
  893.                 'account' => $account,
  894.                 'roleAssociation' => $roleAssociation,
  895.             )
  896.         );
  897.     }
  899.     /**
  900.      * @param Request $request
  901.      * @param $accountId
  902.      * @return DocumentScene|RedirectResponse
  903.      * @throws \Exception
  904.      *
  905.      * @Route(
  906.      *  "/{accountId}/assign-groups",
  907.      *  name = AccountsController::ROUTES__ASSIGN_GROUPS,
  908.      *  requirements = {
  909.      *      "accountId" = "[1-9]\d*"
  910.      *  }
  911.      * )
  912.      */
  913.     public function assignGroupsAction(Request $request$accountId)
  914.     {
  915.         // get the account
  916.         $account $this->getAccountRepository()->findExact($accountId);
  918.         // AUDIT
  919.         $this->denyAccessUnlessGranted(
  920.             'campussuite.platform.security.groups.manage',
  921.             array($accountnull)
  922.         );
  924.         // grab all of the groups in the system
  925.         $groups $this->getGroupRepository()->findBy(array(), array(
  926.             'name' => 'ASC',
  927.         ));
  929.         // grab all of the current associations
  930.         $associations $this->getGroupAccountRepository()->findByAccount($account);
  932.         $form $this->createForm(
  933.             GroupsType::class,
  934.             null,
  935.             array(
  936.                 'groups' => $groups,
  937.             )
  938.         );
  940.         $form->handleRequest($request);
  941.         // check for submission
  942.         if ($request->isMethod('POST') && $data $form->getData()) {
  944.             if (empty($data['group'])) {
  945.                 $this->getSession()->getFlashBag()->add('danger''Please, choose group for account.');
  946.             } else {
  947.                 if (empty(
  948.                     $this->getGroupAccountRepository()->findBy(
  949.                         array('account' => $account'group' => $data['group'])
  950.                     )
  951.                 )) {
  952.                     $association = (new GroupAccount())
  953.                         ->setAccount($account)
  954.                         ->setGroup($data['group']);
  956.                     // AUDIT
  957.                     $this->denyAccessUnlessGranted(
  958.                         'campussuite.platform.security.groups.manage',
  959.                         array($data['group'], null)
  960.                     );
  962.                     $this->getEntityManager()->save($association);
  964.                     // record log
  965.                     $this->getActivityLogger()->createLog($association);
  967.                     $this->getSession()->getFlashBag()->add('success''Group has been added.');
  969.                     // go back to listing
  970.                     return $this->redirectToRoute(self::ROUTES__ASSIGN_GROUPS, array('accountId' => $accountId));
  971.                 } else {
  972.                     $this->getSession()->getFlashBag()->add('danger''Group with this parameters already exist.');
  973.                 }
  974.             }
  975.         }
  977.         return $this->view(
  978.             array(
  979.                 'form' => $form->createView(),
  980.                 'account' => $account,
  981.                 'groups' => $groups,
  982.                 'associations' => $associations,
  983.             )
  984.         );
  985.     }
  987.     /**
  988.      * @param Request $request
  989.      * @param int $accountId
  990.      * @param int $associationId
  991.      * @return DocumentScene|RedirectResponse
  992.      * @throws \Exception
  993.      *
  994.      * @Route(
  995.      *  "/{accountId}/remove-groups/{associationId}",
  996.      *  name = AccountsController::ROUTES__REMOVE_GROUPS,
  997.      *  requirements = {
  998.      *      "accountId" = "[1-9]\d*",
  999.      *      "associationId" = "[1-9]\d*"
  1000.      *  }
  1001.      * )
  1002.      */
  1003.     public function removeGroupsAction(Request $request$accountId$associationId)
  1004.     {
  1005.         // get the account
  1006.         $account $this->getAccountRepository()->findExact($accountId);
  1008.         // AUDIT
  1009.         $this->denyAccessUnlessGranted(
  1010.             'campussuite.platform.security.groups.manage',
  1011.             array($accountnull)
  1012.         );
  1014.         // get association
  1015.         $groupAssociation $this->getGroupAccountRepository()->findExact($associationId);
  1017.         // AUDIT
  1018.         $this->denyAccessUnlessGranted(
  1019.             'campussuite.platform.security.groups.manage',
  1020.             array($groupAssociationnull)
  1021.         );
  1023.         // check for submission
  1024.         if ($request->isMethod('POST')) {
  1025.             // do the deletion
  1026.             $this->getEntityManager()->delete($groupAssociation);
  1028.             // record log
  1029.             $this->getActivityLogger()->createLog($groupAssociation$associationId);
  1031.             $this->getSession()->getFlashBag()->add('danger''Group has been removed.');
  1033.             // go back to list
  1034.             return $this->redirectToRoute(self::ROUTES__ASSIGN_GROUPS, array('accountId' => $accountId));
  1035.         }
  1037.         return $this->view(
  1038.             array(
  1039.                 'account' => $account,
  1040.                 'groupAssociation' => $groupAssociation,
  1041.             )
  1042.         );
  1043.     }
  1045.     /**
  1046.      * @param Request $request
  1047.      * @param int $accountId
  1048.      * @return DocumentScene|RedirectResponse
  1049.      * @throws \Exception
  1050.      *
  1051.      * @Route(
  1052.      *  "/{accountId}/special-permissions",
  1053.      *  name = AccountsController::ROUTES__SPECIAL_PERMISSIONS,
  1054.      *  requirements = {
  1055.      *      "accountId" = "[1-9]\d*",
  1056.      *  }
  1057.      * )
  1058.      */
  1059.     public function specialPermissionsAction(Request $request$accountId)
  1060.     {
  1061.         // only SuperAdmin can perform this action!
  1062.         if( ! $this->getSentry()->isSuperAdmin($this->getContextManager()->getGlobalContext()->getEffectiveAccount())) {
  1063.             throw new AccessDeniedException();
  1064.         }
  1066.         $account $this->getAccountRepository()->findExact($accountId);
  1067.         $form $this->createForm(SpecialPermissionsType::class, $account);
  1068.         if ($this->handleForm($form$request)) {
  1069.             $this->getEntityManager()->save($account);
  1071.             // record log
  1072.             $this->getActivityLogger()->createLog($account);
  1074.             return $this->redirectToRoute(
  1075.                 self::ROUTES__VIEW,
  1076.                 array(
  1077.                     'accountId' => $accountId,
  1078.                 )
  1079.             );
  1080.         }
  1081.         return $this->view(
  1082.             array(
  1083.                 'form' => $form->createView(),
  1084.                 'account' => $account,
  1085.             )
  1086.         );
  1087.     }
  1089.     /**
  1090.      * @param int $accountId
  1091.      * @param int $containerId
  1092.      * @return DocumentScene
  1093.      * @throws \Exception
  1094.      *
  1095.      * @Route(
  1096.      *  "/{accountId}/audit/{containerId}",
  1097.      *  name = AccountsController::ROUTES__AUDIT,
  1098.      *  requirements = {
  1099.      *      "accountId" = "[1-9]\d*",
  1100.      *      "containerId" = "[1-9]\d*",
  1101.      *  },
  1102.      *  defaults = {
  1103.      *      "containerId" = null
  1104.      *  }
  1105.      * )
  1106.      */
  1107.     public function auditAction($accountId$containerId)
  1108.     {
  1109.         $container $containerId $this->getContainerRepository()->find($containerId) : null;
  1111.         // obtain all of the permissions available in the system
  1112.         $permissionsArray $this->getParameter('platform.security.permissions');
  1114.         // load the account
  1115.         $account $this->getAccountRepository()->findExact($accountId);
  1117.         $permissions = new Permissions();
  1119.         foreach ($permissionsArray as $permission) {
  1120.             $permissions->addPermission(
  1121.                 (new Permission())
  1122.                     ->setValue(
  1123.                         $this->getSentry()->check(
  1124.                             $account,
  1125.                             $permission['key'],
  1126.                             $container,
  1127.                         )
  1128.                     )
  1129.                     ->setLabel($permission['name'])
  1130.             );
  1131.         }
  1133.         $form $this->createForm(PermissionsAuditType::class, $permissions, array('container' => $container));
  1135.         return $this->view(
  1136.             array(
  1137.                 'account' => $account,
  1138.                 'form' => $form->createView(),
  1139.             )
  1140.         );
  1141.     }
  1143.     /**
  1144.      * @return Response
  1145.      *
  1146.      * @Route("/export/xlsx", name = AccountsController::ROUTES__EXPORT_XLSX)
  1147.      */
  1148.     public function exportAction()
  1149.     {
  1150.         // AUDIT
  1151.         $this->denyAccessUnlessGranted('campussuite.platform.security.accounts.manage');
  1153.         /** @var Account[] $accounts */
  1154.         $accounts $this->getAccountRepository()->findAll();
  1155.         $data $this->getAccountReporter()->generateAccountList($accounts);
  1157.         $response = new Response($data);
  1159.         $contentDisposition $response->headers->makeDisposition(
  1160.             ResponseHeaderBag::DISPOSITION_ATTACHMENT,
  1161.             sprintf(
  1162.                 'accounts-%s.xlsx',
  1163.                 DateTimeUtils::format(
  1164.                     DateTimeUtils::today(),
  1165.                     'Y-m-d'
  1166.                 )
  1167.             )
  1168.         );
  1169.         $response->headers->set('Content-Disposition'$contentDisposition);
  1170.         $response->headers->set(
  1171.             'Content-type',
  1172.             $this->getFileManager()->mimeByExtension('xlsx')
  1173.         );
  1175.         return $response;
  1176.     }
  1177. }